I would like to preface this with "I am not new to linux, but new to SE-Linux." I am not sure where to begin with this problem. After a clean install of Fedore Core 3 (at least I thought clean), I tried to login in with a user account a few days later. This did not work, so I logged in as root to change my user's password.
1. First, I tried changing the user's password with passwd. Although the program seemed to accept the new password. I still was unable to login in afterwards.
2. So I tried to manually change it within the /etc/passwd file. Knowing that there was a shadow file, I deleted the encrypted password in shadow and the "x" in the /etc/password file. Then, I ran passwd, followed by pwconv. But still nothing.
3. Finally, I tried to just use "su" command into my user's account to no avail.
Now I am stuck. My understanding of SE is that you must match securities contents of the files, by using the -Z delimiter, which I did verify.
If someone could steer me in the right direction I would appreciate it.
Thx, Paul
BTW, I did also try userdel/useradd with no success.
On Mon, 21 Mar 2005 18:48:37 -0600 Paul Rumin purenrg7@gmail.com wrote:
I would like to preface this with "I am not new to linux, but new to SE-Linux." I am not sure where to begin with this problem. After a clean install of Fedore Core 3 (at least I thought clean), I tried to login in with a user account a few days later. This did not work, so I logged in as root to change my user's password.
- First, I tried changing the user's password with passwd. Although
the program seemed to accept the new password. I still was unable to login in afterwards.
- So I tried to manually change it within the /etc/passwd file.
Knowing that there was a shadow file, I deleted the encrypted password in shadow and the "x" in the /etc/password file. Then, I ran passwd, followed by pwconv. But still nothing.
- Finally, I tried to just use "su" command into my user's account
to no avail.
Now I am stuck. My understanding of SE is that you must match securities contents of the files, by using the -Z delimiter, which I did verify.
If someone could steer me in the right direction I would appreciate it.
Thx, Paul
BTW, I did also try userdel/useradd with no success.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is your system labeled? If not touch /.autorelabel, then reboot.
Is /.autolabel a program? A file? I did a search on Red Hat Support site and found nothing. I assume you want me to create a file (.autolabel) in the / directory. But this does nothing on my system. If you need more info, just ask what you need. Thanks in advance.
Paul
On Mon, 21 Mar 2005 17:12:22 -0800, Richard E Miles r.godzilla@comcast.net wrote:
On Mon, 21 Mar 2005 18:48:37 -0600 Paul Rumin purenrg7@gmail.com wrote:
I would like to preface this with "I am not new to linux, but new to SE-Linux." I am not sure where to begin with this problem. After a clean install of Fedore Core 3 (at least I thought clean), I tried to login in with a user account a few days later. This did not work, so I logged in as root to change my user's password.
- First, I tried changing the user's password with passwd. Although
the program seemed to accept the new password. I still was unable to login in afterwards.
- So I tried to manually change it within the /etc/passwd file.
Knowing that there was a shadow file, I deleted the encrypted password in shadow and the "x" in the /etc/password file. Then, I ran passwd, followed by pwconv. But still nothing.
- Finally, I tried to just use "su" command into my user's account
to no avail.
Now I am stuck. My understanding of SE is that you must match securities contents of the files, by using the -Z delimiter, which I did verify.
If someone could steer me in the right direction I would appreciate it.
Thx, Paul
BTW, I did also try userdel/useradd with no success.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is your system labeled? If not touch /.autorelabel, then reboot.
Richard E Miles Federal Way WA. USA registered linux user 46097
On Wed, 2005-03-23 at 15:22 -0600, Paul Rumin wrote:
Is /.autolabel a program? A file? I did a search on Red Hat Support site and found nothing. I assume you want me to create a file (.autolabel) in the / directory. But this does nothing on my system. If you need more info, just ask what you need. Thanks in advance.
It is a flag file; you create it, e.g.: touch /.autorelabel and then reboot the system.
The system initialization scripts check for it and will relabel the filesystem if the file exists, then delete it. system-config- securitylevel creates it upon significant changes to the SELinux configuration, e.g. enabling/disabling SELinux, switching from targeted to strict policy, etc.
On Mon, 2005-03-21 at 18:48 -0600, Paul Rumin wrote:
I would like to preface this with "I am not new to linux, but new to SE-Linux." I am not sure where to begin with this problem. After a clean install of Fedore Core 3 (at least I thought clean), I tried to login in with a user account a few days later. This did not work, so I logged in as root to change my user's password.
- First, I tried changing the user's password with passwd. Although
the program seemed to accept the new password. I still was unable to login in afterwards.
Unless you're using the "strict" policy (i.e. not the default "targeted" policy), it is very unlikely your problem has anything to do with SELinux. Do you see any "avc: denied" messages in /var/log/messages?
My guess is that the login was disabled for other reasons than the password. Anyways, I'd suggest moving this to fedora-list, until you are sure the problem relates to SELinux. One thing you should do is check /var/log/messages for any other (non-SELinux) log messages that may be relevant.
selinux@lists.fedoraproject.org
-
Colin Walters -
Paul Rumin -
Richard E Miles -
Stephen Smalley